summaryrefslogtreecommitdiff
path: root/changes/bug10402
AgeCommit message (Collapse)Author
2013-12-18Never allow OpenSSL engines to replace the RAND_SSLeay methodNick Mathewson
This fixes bug 10402, where the rdrand engine would use the rdrand instruction, not as an additional entropy source, but as a replacement for the entire userspace PRNG. That's obviously stupid: even if you don't think that RDRAND is a likely security risk, the right response to an alleged new alleged entropy source is never to throw away all previously used entropy sources. Thanks to coderman and rl1987 for diagnosing and tracking this down.